Service Announcement: How to mitigate this “Cryptolocker Ransom” virus.

You will commonly hear me say “there is no such thing as the consumer virus”. The reason why is the monetization of computer “hackers” and viruses has happened so that there is zero real incentive to create creative viruses anymore, especially since it has already “been done”. This has apparently changed with bitcoin. I just saw this article that everybody should be made aware of: Cryptolocker Ransomware Being described as the perfect crime. I would like to address this for the “normal user” as to how to be prepared if you were to EVER get this virus or anything like this. I suggest watching the video just so you can see what the screenshots look like so you have some idea what you might be looking for.

If you see the “your files are encrypted” screen, or ANYTHING like that (don’t think there won’t be different versions of this), IMMEDIATELY turn the computer off. I mean physically, pull it out of the wall, or flick the switch in the back, or if its a laptop you’ll have to do a hard power down by holding the power button. I cannot emphasize this enough. Immediately turn off the machine, and don’t continue to look at the message, immediately kill it. Encrypting files actually takes some time and is a very hard drive intensive slow process and isn’t something that is just instantaneous. If the computer is immediately unplugged it MIGHT mitigate any damage. I should also note, if the screen just instantly pops up its more than likely just a scare to scare you into purchasing, because again, “encrypting your files” isn’t exactly some thing that can happen from your browser willy nilly, and even if so, it would take awhile to go through everything and encrypt them.

The next step would be getting somebody else to use what is called a “Live Linux Boot CD” to actually start to look at the computer and its contents to salvage it. Under no circumstances should you turn the computer on and allow the computer to boot to Windows. A Live Linux cd would allow somebody to view the file contents of your computer using a completely “offline” operation system that is completely fresh. I don’t expect any normal user to do these kinds of things, but I just want to make you aware its completely doable and its actually quite easy to do.

There are some other ways that would mitigate any damage. Regular backups and backup services are really the most important of them. Periodically you should backup those most important things that are on your computer to an external harddrive, that frankly you just don’t plug in that often. That way if you get a virus like this, you shrug and go “oh well” and you’ll have to just get the computer resetup, which really isn’t that big of a deal (certainly not worth paying a ransom to somebody). I should note if this virus is “real” (it just may be) even things like dropbox aren’t necessarily safe, hence why pulling the power is important. All changes on your local dropbox directory will eventually be reflected on the “cloud” dropbox. So speed is the key.

Obviously for this particular virus, don’t go around clicking “track package” in emails…

Leave a Reply

Your email address will not be published. Required fields are marked *